[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] APPLE-SA-2023-07-24-4 macOS Ventura 13.5
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2023-07-25 0:26:14
Message-ID: CC531D9F-2DFA-4F82-BE35-46C725C1C190 () lists ! apple ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2023-07-24-4 macOS Ventura 13.5
macOS Ventura 13.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213843.
Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
Apple Neural Engine
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-38580: Mohamed GHANNAM (@_simo36)
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to determine a user's current location
Description: A downgrade issue affecting Intel-based Mac computers was
addressed with additional code-signing restrictions.
CVE-2023-36862: Mickey Jin (@patch1t)
AppSandbox
Available for: macOS Ventura
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2023-32364: Gergely Kalman (@gergely_kalman)
Assets
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved data protection.
CVE-2023-35983: Mickey Jin (@patch1t)
curl
Available for: macOS Ventura
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating curl.
CVE-2023-28319
CVE-2023-28320
CVE-2023-28321
CVE-2023-28322
Find My
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2023-32416: Wojciech Regula of SecuRing (wojciechregula.blog)
Grapher
Available for: macOS Ventura
Impact: Processing a file may lead to unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved checks.
CVE-2023-32418: Bool of YunShangHuaAn(云上华安)
CVE-2023-36854: Bool of YunShangHuaAn(云上华安)
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-32734: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.
CVE-2023-32441: Peter Nguyễn Vũ Ho ng (@peternguyen14) of STAR Labs SG
Pte. Ltd.
CVE-2023-38261: an anonymous researcher
CVE-2023-38424: Certik Skyfall Team
CVE-2023-38425: Certik Skyfall Team
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-32381: an anonymous researcher
CVE-2023-32433: Zweig of Kunlun Lab
CVE-2023-35993: Kaitao Xie and Xiaolong Bai of Alibaba Group
Kernel
Available for: macOS Ventura
Impact: A user may be able to elevate privileges
Description: The issue was addressed with improved checks.
CVE-2023-38410: an anonymous researcher
Kernel
Available for: macOS Ventura
Impact: An app may be able to modify sensitive kernel state. Apple is
aware of a report that this issue may have been actively exploited
against versions of iOS released before iOS 15.7.1.
Description: This issue was addressed with improved state management.
CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin
(@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of
Kaspersky
Kernel
Available for: macOS Ventura
Impact: A remote user may be able to cause a denial-of-service
Description: The issue was addressed with improved checks.
CVE-2023-38603: Zweig of Kunlun Lab
libxpc
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved
validation.
CVE-2023-38565: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
(xlab.tencent.com)
libxpc
Available for: macOS Ventura
Impact: An app may be able to cause a denial-of-service
Description: A logic issue was addressed with improved checks.
CVE-2023-38593: Noah Roskin-Frazee
Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may result in disclosure of process memory
Description: The issue was addressed with improved checks.
CVE-2023-38258: Mickey Jin (@patch1t)
CVE-2023-38421: Mickey Jin (@patch1t)
OpenLDAP
Available for: macOS Ventura
Impact: A remote user may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-2953: Sandipan Roy
PackageKit
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved restrictions.
CVE-2023-38259: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: The issue was addressed with improved checks.
CVE-2023-38564: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional
restrictions.
CVE-2023-38602: Arsenii Kostromin (0x3c3e)
Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to modify sensitive Shortcuts app
settings
Description: An access issue was addressed with improved access
restrictions.
CVE-2023-32442: an anonymous researcher
sips
Available for: macOS Ventura
Impact: Processing a file may lead to a denial-of-service or potentially
disclose memory contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-32443: David Hoyt of Hoyt LLC
SystemMigration
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: The issue was addressed with improved checks.
CVE-2023-32429: Wenchao Li and Xiaolong Bai of Hangzhou Orange Shield
Information Technology Co., Ltd.
Voice Memos
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with additional permissions checks.
CVE-2023-38608: Yiğit Can YILMAZ (@yilmazcanyigit), Kirin (@Pwnrin), and
Yishu Wang
WebKit
Available for: macOS Ventura
Impact: A website may be able to bypass Same Origin Policy
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256549
CVE-2023-38572: Narendra Bhati (twitter.com/imnarendrabhati) of Suma
Soft Pvt. Ltd, Pune - India
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256865
CVE-2023-38594: Yuhao Hu
WebKit Bugzilla: 256573
CVE-2023-38595: an anonymous researcher, Jiming Wang, Jikai Ren
WebKit Bugzilla: 257387
CVE-2023-38600: Anonymous working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 258058
CVE-2023-38611: Francisco Alonso (@revskills)
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 259231
CVE-2023-37450: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS Ventura
13.4.1 (c).
WebKit Process Model
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 258100
CVE-2023-38597: 이준성(Junsung Lee) of Cross Republic
WebKit Web Inspector
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 256932
CVE-2023-38133: YeongHyeon Choi (@hyeon101010)
Additional recognition
WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
macOS Ventura 13.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmS/FLcACgkQ4RjMIDke
NxmkZRAAjjxwr78rla+am6CeQzC7jrb5mJPfrgSv4AYzFxicpRPdgS1Ccq4g4//i
mEBcguqRuxmalSzHNgzRRFpynHaOri5d0YIoersRkDAtzzOAyAF81sszYL0vxxJo
9vDpuLfbehX5xsHN8K0owJwFAmLAMiCJrWlAOYlxEsiERszr3cC8rmX5pYgenWFZ
N9HM5vP/l7HLDdLEdGEympiofQ/GJAL85ZxV8cXKUhCHdymaAv+vE9yUBO1PrZVA
T9K5BLmwP0jPe8GrvzQqYtvC5LWn1MzMV9bOj/M2yZ98TYn+pZZkrF1LJbiW+qHz
xj2DEgqosTrTERbbHp4WkI+4Q8iCMgB2x1b2z1Ro/rck58yabb5IweWBjnwdyBXK
lba6siFP3hhwCwvdx06Dgv4hzPQw6Rz5s9ZEToqVyxaq68gRqCWgI8u6A69th73J
oqxbcwuz7cIWokvDHYn66BD9+R6jXtcKt1Ina6SKsIeIC2sG3keOlC5mTvgPbaaS
IEeaO7NdkDAEdD3VWhDuB6nR2womKMJufcOwcwE0CD9HDxOruCt4ty9AX12R9N26
9y/9KoF5VzyJh+YEU0G0moj0b+ugu4E8FziVsb5z+CxPt0KZs9SgU3dIIaneo/yB
8UeZq3pAeIzBZkANlYYXhMOk7Bd5yA/8eYwfS6HxeG9OIM6a1V4=
=moFJ
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic